xref: /xnu-12377.41.6/bsd/netinet/tcp_syncookie.h (revision bbb1b6f9e71b8cdde6e5cd6f4841f207dee3d828)
1 /*
2  * Copyright (c) 2024 Apple Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 
29 /*-
30  * SPDX-License-Identifier: BSD-3-Clause
31  *
32  * Copyright (c) 1982, 1986, 1993, 1994, 1995
33  *	The Regents of the University of California.  All rights reserved.
34  *
35  * Redistribution and use in source and binary forms, with or without
36  * modification, are permitted provided that the following conditions
37  * are met:
38  * 1. Redistributions of source code must retain the above copyright
39  *    notice, this list of conditions and the following disclaimer.
40  * 2. Redistributions in binary form must reproduce the above copyright
41  *    notice, this list of conditions and the following disclaimer in the
42  *    documentation and/or other materials provided with the distribution.
43  * 3. Neither the name of the University nor the names of its contributors
44  *    may be used to endorse or promote products derived from this software
45  *    without specific prior written permission.
46  *
47  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
48  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
51  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57  * SUCH DAMAGE.
58  */
59 
60 #ifndef _NETINET_TCP_SYNCOOKIE_H_
61 #define _NETINET_TCP_SYNCOOKIE_H_
62 
63 #include <netinet/tcp_var.h>
64 #include <sys/types.h>
65 
66 #ifdef KERNEL_PRIVATE
67 
/*
 * SYN-cookie entry points. Only the prototypes are visible in this header,
 * so the notes below are inferred from names and signatures.
 * TODO confirm each against the implementation.
 */
/* Takes no arguments and returns nothing; presumably one-time setup of the cookie secret state. */
68 void tcp_syncookie_init(void);
/* Presumably the SYN-side path: takes the inbound segment context plus the local and remote addresses. */
69 void tcp_syncookie_syn(struct tcp_inp *tpi, struct sockaddr *local, struct sockaddr *remote);
/*
 * Presumably the ACK-side path that validates a returned cookie. so2 and
 * dropsocket are pointers, so the callee can hand results back through them.
 * NOTE(review): the meaning of the bool result is not shown here. The cookie
 * is attacker-supplied until validated, so callers should create connection
 * state only on the success result. Confirm which value that is.
 */
70 bool tcp_syncookie_ack(struct tcp_inp *tpi, struct socket **so2, int* dropsocket);
71 
72 /*
73  * Flags for the Accurate ECN setup
 *
 * Each value below is a distinct single bit (0x01 through 0x10).
 * SC_ECN_SETUP is the classic-ECN case; the four SC_ACE_* values name
 * the ACE variants listed in their per-line comments. Whether several
 * bits may be set at once is not shown in this header.
74  */
75 #define SC_ECN_SETUP            0x01  /* send classic ECN setup */
76 #define SC_ACE_SETUP_NOT_ECT    0x02  /* send ACE not-ECT setup */
77 #define SC_ACE_SETUP_ECT1       0x04  /* send ACE ECT1 setup */
78 #define SC_ACE_SETUP_ECT0       0x08  /* send ACE ECT0 setup */
79 #define SC_ACE_SETUP_CE         0x10  /* send ACE CE setup */
80 
81 
/* Length in bytes of each key in syncookie_secret.key[] (the array is uint8_t). */
82 #define SYNCOOKIE_SECRET_SIZE   16
/*
 * NOTE(review): presumably the key rotation period and therefore the window
 * in which an issued cookie stays verifiable. Confirm against the code that
 * reads last_updated.
 */
83 #define SYNCOOKIE_LIFETIME      15              /* seconds */
84 
/*
 * Secret state used to compute and check SYN cookies: two keys of
 * SYNCOOKIE_SECRET_SIZE bytes each, a selector, and a timestamp.
 *
 * NOTE(review): key[] is secret material. Anyone who learns it can
 * presumably forge cookies that pass validation, so it should be filled
 * from the kernel's cryptographic RNG and never logged or exported.
 * Confirm how tcp_syncookie_init() seeds it.
 */
85 struct syncookie_secret {
	/* Declared volatile; presumably selects which of the two key[] slots is current. TODO confirm */
86 	volatile u_int oddeven;
	/* Two key slots; keeping two presumably lets cookies made under the previous key still verify after rotation. */
87 	uint8_t key[2][SYNCOOKIE_SECRET_SIZE];
	/* Time of the last key update; units are not shown here (SYNCOOKIE_LIFETIME is in seconds). Confirm */
88 	uint32_t last_updated;
89 };
90 
/*
 * One byte of connection parameters carried in a SYN cookie, viewable
 * either as the raw byte (cookie) or as its bit-fields (flags).
 *
 * The field widths add up to exactly 8 bits (1+1+1+3+2), so flags fills
 * the whole byte. Window scale and MSS are stored as 3-bit and 2-bit
 * indices (8 and 4 possible values), not as the values themselves.
 *
 * NOTE(review): C leaves bit-field ordering within the byte to the
 * implementation, so the raw cookie value is only meaningful to the same
 * build that produced it. That is presumably fine because the same kernel
 * encodes and decodes the cookie. Confirm.
 */
91 typedef union {
	/* Raw byte view of the same storage as flags. */
92 	uint8_t cookie;
93 	struct {
		/* odd_even: presumably records which syncookie_secret key slot was used. TODO confirm */
94 		uint8_t odd_even:1,
95 		    sack_ok:1,
96 		    ecn_ok:1,              /* Only needed for classic ECN */
97 		    wscale_idx:3,
98 		    mss_idx:2;
99 	} flags;
100 } syncookie;
101 #endif /* KERNEL_PRIVATE */
102 
103 #endif /* _NETINET_TCP_SYNCOOKIE_H_ */
104